Tackling the new regulations for bulk email senders

Google and Yahoo, independently of one another, have come with new guidelines regarding bulk senders that will take effect from February 2024. Now while these guidelines have essentially been “best practice” for years, they are now going to be enforced as requirements.

There will be new regulations for bulk email senders, focusing primarily on three key areas: authentication of outgoing emails, reported spam rates, and the facilitation of easy unsubscribing from email lists.

Google, in an announcement made in early October, classified bulk senders as those who dispatch more than 5,000 messages to Gmail addresses within a single day, drawing the attention of email marketers in both B2B and B2C sectors.

Regarding the authentication requirements for bulk senders, both companies will mandate the adoption of what Google terms “well-established best practices” to verify the sender’s identity. This measure aims to close potential loopholes that could be exploited by attackers.

In the realm of email authentication, three mechanisms collaboratively contribute to enhancing security:

Sender Policy Framework (SPF): This prevents domain spoofing by enabling senders to specify the email servers authorised to send emails from their domain.

DomainKeys Identified Mail (DKIM): This adds a digital signature to outgoing emails, confirming that the message originated from an authorised sender and remained unaltered during transmission.

Domain-based Message Authentication, Reporting, and Conformance (DMARC): This empowers domain owners to define actions to be taken when an email fails authentication, while also facilitating reporting on email authentication outcomes.

By February 1st, both Google and Yahoo will mandate bulk senders to implement all three of these authentication mechanisms to ensure compliance with the new requirements.

Authentication of Email going forward

Security is paramount, and Symplify takes this commitment seriously. Our platform prioritises the implementation of robust email authentication practices, adhering to well-established standards. For those utilising Symplify, your accounts already benefit from DKIM 1024-bit keys. Now, in alignment with Gmail’s upcoming requirements, we recommend furthering your authentication by utilising 2048-bit keys. Read more here.

One click unsubscribe

Google is recommending one touch/click unsubscribe, in terms of soft unsubscribe, a popular method for offboarding customers from marketing communication, where does this decision leave us?

The short answer is, the most direct interpretation of the recommendation means that technically redirecting users to a settings page where they can select what type of communication they would like to continue to receive, could possibly fall foul Google’s recommendation.